From the KelpDAO Attack to Aave Bad Debt Risk: Analyzing the rsETH Collateral Crisis and Reserve Coverage Mechanisms
On April 18, 2026, an attack that didn’t touch any smart contract code resulted in the largest bad debt in the history of Aave, a leading lending protocol previously unscathed by security incidents. The attacker minted 116,500 rsETH out of thin air via KelpDAO’s cross-chain bridge, deposited these unbacked tokens into Aave as collateral, borrowed a large amount of WETH, and then vanished. According to Gate market data, as of April 22, 2026, the AAVE token was priced at $92.51, down 7.72% over the past 7 days, with market sentiment remaining neutral. However, the market’s concerns go far beyond the token price—can Aave’s Umbrella safety reserves cover this bad debt, which could reach as high as $230.1 million? Will this crisis trigger broader systemic contagion across DeFi?
A Precision Strike in 46 Minutes
At 17:35 UTC on April 18, 2026, the rsETH cross-chain bridge built by KelpDAO on LayerZero technology came under attack. Within 46 minutes, the attacker released 116,500 rsETH on Ethereum mainnet, valued at approximately $292 million at the time, nearly 18% of the total rsETH circulating supply. KelpDAO’s emergency multisig group responded about 46 minutes later by freezing core protocol components, including the LRT liquidity pool, withdrawal contracts, oracle, and the rsETH token, successfully blocking two subsequent withdrawal attempts totaling 40,000 rsETH (around $100 million). By then, however, the 116,500 rsETH had already been moved by the attacker to eight pre-set cash-out addresses and rapidly injected into Aave’s V3 and V4 markets.
This attack made the KelpDAO incident the largest single DeFi protocol exploit of 2026 to date.
Timeline of Events
| Time (2026) | Key Event |
|---|---|
| April 18, 17:35 UTC | Attacker sends forged cross-chain message to KelpDAO bridge contract, illegally releasing 116,500 rsETH |
| Within 46 minutes after attack | KelpDAO emergency multisig freezes core protocol components, intercepts further withdrawal attempts |
| Within 6 minutes after attack | Attacker deposits rsETH into Aave V3/V4 via 8 pre-set addresses, borrows WETH |
| Early hours of April 19 | Aave Guardians freeze all 11 markets’ rsETH/wrsETH reserves, set LTV to zero |
| April 19 | According to DefiLlama, Aave TVL plunges from $26.3B to ~$18B, wiping out $8.3B in two days |
| April 20 | LayerZero releases preliminary report, attributes attack to North Korea’s Lazarus Group (TraderTraitor) |
| April 21 | Arbitrum Security Council freezes 30,766 ETH (~$71M) involved in the attack |
- Losses: 116,500 rsETH, about $292 million
- Affected Aave markets: 11, including Ethereum Core, Arbitrum, Mantle, Base, Linea, and others
- Aave TVL outflow: ~$8.3 billion over two days
- Industry-wide DeFi TVL evaporated: ~$10 billion
In-Depth Technical Breakdown
This attack was not a traditional smart contract exploit, but rather a complex event combining a "bridge configuration flaw" with a "nation-state-level infrastructure attack." The attack unfolded as follows:
Step 1: Obtaining the RPC node list. The attacker acquired the list of RPC nodes used by LayerZero Labs’ decentralized validator network (DVN).
Step 2: Poisoning RPC nodes. The attacker compromised two of these RPC nodes, replacing their op-geth binaries with malicious versions. These nodes served fake data specifically to DVN IPs, while appearing "honest" to other observers.
Step 3: DDoS triggers failover. The attacker launched a distributed denial-of-service attack on the remaining uncompromised RPC nodes, forcing DVN to route all traffic through the poisoned nodes.
Step 4: Sending a forged cross-chain message. The attacker submitted a fake cross-chain message, purportedly from KelpDAO’s Unichain deployment. Relying on falsified on-chain state from the poisoned nodes, DVN validated the message. After a 2/3 multisig quorum, the forged message was authenticated as legitimate.
Step 5: Releasing rsETH on Ethereum mainnet. The attacker invoked the commitVerification() and lzReceive() functions, causing the rsETH OFT adapter on Ethereum to mint and release 116,500 rsETH to the attacker’s address.
Step 6: Cashing out. The attacker distributed rsETH to eight pre-set addresses, each of which, within about six minutes, deposited rsETH into Aave as collateral, borrowed WETH, and moved the assets out.
On-chain data confirms that the message was forged: Unichain’s outboundNonce remained at 307, so the nonce 308 claimed by the attacker never existed. No PacketSent event for nonce 308 was emitted, and Unichain’s total rsETH supply was only 49.26, making a cross-chain burn of 116,500 mathematically impossible.
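To make the verification failure concrete, the following is an added simulation (not KelpDAO, LayerZero or Aave code) of a DVN that checks a claimed packet against the three source-chain invariants just listed, first with a single poisoned RPC view and then with independent cross-checks and an m-of-n DVN setting. The node views, packet shapes and quorum parameters are constructed assumptions that follow the figures in this section.

```python
from dataclasses import dataclass

# Constructed view of the source chain (Unichain) as reported by one RPC node. The honest
# figures follow this section; the poisoned view is an assumed fabrication, not real data.
@dataclass
class SourceChainView:
    outbound_nonce: int        # latest nonce the endpoint has actually emitted
    packet_sent_nonces: set    # nonces with a PacketSent event in this node's logs
    rseth_total_supply: float  # rsETH supply on the source chain, i.e. the most it could burn

@dataclass
class Packet:
    nonce: int     # nonce the cross-chain message claims
    amount: float  # rsETH it asks the destination adapter to release

HONEST = SourceChainView(307, {305, 306, 307}, 49.26)
POISONED = SourceChainView(308, {305, 306, 307, 308}, 200_000.0)  # assumed poisoned state
FORGED = Packet(nonce=308, amount=116_500.0)
GENUINE = Packet(nonce=307, amount=10.0)  # constructed legitimate transfer

def invariant_failures(packet, view):
    """Invariants a claimed packet violates under one node's view of the source chain."""
    failures = []
    if packet.nonce > view.outbound_nonce:
        failures.append("nonce ahead of outboundNonce")
    if packet.nonce not in view.packet_sent_nonces:
        failures.append("no PacketSent event for nonce")
    if packet.amount > view.rseth_total_supply:
        failures.append("burn exceeds source-chain supply")
    return failures

def dvn_verdict(packet, rpc_views, min_agreeing):
    """A DVN approves only if at least min_agreeing independent views show no violation.
    Unreachable nodes (e.g. under DDoS) are simply absent, so the check fails closed."""
    clean = sum(1 for v in rpc_views if not invariant_failures(packet, v))
    return clean >= min_agreeing

def scenario(packet, dvn_configs, required_dvns):
    """dvn_configs: one (rpc_views, min_agreeing) pair per DVN; required_dvns models the
    endpoint's 1/1 versus m-of-n DVN setting. Returns (accepted, per-DVN verdicts)."""
    verdicts = [dvn_verdict(packet, views, k) for views, k in dvn_configs]
    return sum(verdicts) >= required_dvns, verdicts

if __name__ == "__main__":
    # 1/1 DVN whose only reachable RPC is poisoned: the forged release goes through
    print(scenario(FORGED, [([POISONED], 1)], 1))
    # Same DVN requiring two agreeing sources, or two DVNs on different nodes: rejected
    print(scenario(FORGED, [([POISONED, HONEST], 2)], 1))
    print(scenario(FORGED, [([POISONED], 1), ([HONEST], 1)], 2))
```

The last two cases show the two independent defences: a DVN that cross-checks several RPC sources rejects the packet as soon as one honest view disagrees, and an m-of-n DVN quorum rejects it when the poisoned data reaches only one validator.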
Quantifying Aave’s Risk Exposure
According to an April 21 incident report by Aave risk service provider LlamaRisk, the attacker deposited 89,567 of the stolen rsETH as collateral across multiple Aave V3 markets, borrowing about 82,650 WETH (~$191 million) and 821 wstETH. Since these rsETH tokens were minted from nothing and had no real underlying assets, their collateral value in the Aave system was effectively zero, resulting in bad debt.
Aave faces two possible bad debt scenarios, with final resolution depending on KelpDAO’s loss allocation decision:
| Dimension | Scenario 1: Global Loss Sharing | Scenario 2: Losses Limited to L2 Networks |
|---|---|---|
| Bad debt amount | ~$123.7 million | ~$230.1 million |
| Main impacted markets | Ethereum Core | Mantle, Arbitrum |
| Key risk data | WETH reserves deep enough | Mantle 71.45% shortfall, Arbitrum 26.67% shortfall |
| rsETH depegging risk | ~15% | Higher |
| Umbrella coverage potential | Partial | Difficult to cover |
Source: LlamaRisk incident report
Reserve Coverage Assessment
As of the report’s publication, Aave’s relevant fund pools are as follows:
- Aave DAO Treasury: Holds about $181 million in assets
- Umbrella Safety Reserve: Approximately $80–100 million
- OG Safety Module: Still holds about $300 million in AAVE tokens; a 20% haircut could provide an additional ~$60 million in loss coverage
Projected reserve shortfall:
In the worst-case scenario (bad debt of $230.1 million), even after deploying the Umbrella reserve (about $55 million), Aave Treasury (about $85 million), and OG Safety Module haircut (about $60 million), there could still be a gap of roughly $76 million, which would need to be filled by borrowing or selling AAVE tokens.
Diverging Industry Opinions
This incident sparked sharply different interpretations and attributions across the industry, with debate centering on three main areas:
Disputes Over Responsibility
LayerZero pointed to KelpDAO’s architectural choices, emphasizing that KelpDAO used a "1/1 DVN configuration"—meaning a single validator could approve cross-chain messages—whereas industry best practice is to use multiple DVNs. LayerZero stated it had repeatedly advised KelpDAO to migrate to a multi-DVN setup, which was not adopted, and announced it would no longer sign messages for any application using a 1/1 DVN configuration.
KelpDAO responded that it had operated on LayerZero infrastructure since January 2024 and maintained open communication with the LayerZero team. KelpDAO noted that the DVN configuration issue was discussed during L2 network expansion, with the default setting explicitly confirmed as appropriate, suggesting that LayerZero’s documentation and guidance also bear responsibility.
Industry observers highlighted that the attacker demonstrated the ability to "chain together weaknesses in infrastructure, applications, and trust relationships." This was not a one-off opportunistic attack, but a sophisticated infiltration targeting complex systems.
Evaluating Aave’s Response
Supporters praised Aave’s rapid response—freezing all 11 rsETH/wrsETH markets within hours, setting LTV to zero, lowering multi-chain WETH rates, and halting lending. Aave founder Stani stated in a community AMA that the protocol’s core contracts remained secure and that monthly revenue of about $12 million was sufficient to cover potential losses.
Critics focused on the possibility that, if the safety module’s staked AAVE tokens are ultimately used to fill the bad debt gap, the cost of KelpDAO’s vulnerability would be shifted onto Aave stakers. They also noted that the Umbrella mechanism, launched less than two months ago, was already facing an extreme stress test, with its effectiveness yet to be proven.
Reflections on DeFi’s Future
DefiLlama founder 0xngmi remarked that even protocols not directly affected were not spared from panic withdrawals: Aave saw net outflows of $6.2 billion (-23%), and nearly $10 billion in DeFi TVL evaporated industry-wide. He bluntly stated, "There are no winners in these incidents—only a shrinking ‘pie’ for the entire industry."
Conversely, some believe that while the "2026 hacker list" has deepened industry pessimism, the on-chain economy is still expanding—USDT and USDC combined market caps total about $263 billion, tokenized US Treasuries have surpassed $10.9 billion, and capital is rotating toward simpler products with greater collateral transparency.
Examining Structural Industry Impacts
Shifting the DeFi Security Paradigm
The KelpDAO incident exposed a structural blind spot in DeFi security: current audits focus mainly on smart contract code, but attackers can bypass code entirely and target underlying infrastructure. In this case, the attacker exploited RPC poisoning and DDoS attacks to undermine the trustworthiness of cross-chain validation, without exploiting any contract vulnerability. This marks an expansion of DeFi’s threat surface from "code correctness" to "validation trustworthiness" and "infrastructure integrity."
Security research firms noted that, together with the $285 million Drift protocol exploit in early April (which involved privilege abuse and pre-signature flaws), this attack points to a trend: governance permissions, signature processes, bridge mechanisms, oracles, and parameter configurations are as important as, if not more important than, smart contract code itself.
Impact on the Liquid Restaking Token Market
As one of the largest liquid restaking tokens (LRTs) in the EigenLayer ecosystem, rsETH’s crisis of trust is inevitably spreading to the entire LRT sector. Before the incident, rsETH’s total value locked exceeded $1.5 billion. After the attack, all rsETH-related markets were frozen. More importantly, the incident confirmed a core risk of cross-chain LRTs: when LRTs rely on cross-chain bridges to circulate across multiple chains, a vulnerability on any one chain’s bridge can put token holders on all chains at risk.
Aave’s Long-Term Credit Test
Although Aave’s core contracts were not breached, the challenge of "collateral authenticity verification" will continue to trouble Aave governance. Some argue that the most urgent need is to establish a mechanism for verifying the source of collateral, requiring cross-chain assets like rsETH to provide real-time Merkle proofs of underlying collateral, so that oracles validate not just price, but also "asset authenticity." Whether Aave will introduce stricter collateral verification in V4 will be closely watched by the industry.
Accelerating Capital Migration Trends
The outflow of funds triggered by the incident was not evenly distributed. Data shows that while overall DeFi protocol TVL declined, stablecoin market caps and tokenized US Treasuries continued to grow—USDT’s market cap reached $185 billion, USDC $78 billion, and tokenized US Treasuries surpassed $10.9 billion. This divergence indicates that capital is flowing out of complex native DeFi products and into simpler, more transparent ones. Visa’s 2026 stablecoin strategy document also notes that stablecoin supply grew by over 50% in 2025, with 2026 seen as a turning point for institutional adoption.
Conclusion
The KelpDAO exploit has revealed a long-overlooked structural issue in DeFi: smart contract code security does not equal system security. When attackers can steal $292 million without touching a single line of contract code—simply by undermining infrastructure trustworthiness—the entire industry’s security paradigm must adapt. For Aave, the ultimate resolution of bad debt will depend on multi-party coordination and KelpDAO’s allocation decisions. More importantly, this incident will catalyze the evolution of DeFi security standards—redundant cross-chain validation, proof of collateral authenticity, and risk isolation between protocols are no longer "nice-to-haves," but "survival essentials." As the DefiLlama founder put it, there are no winners in incidents like this, but at least the industry can emerge more resilient through these growing pains.